According to this openafs post, the problem is that the keys for the AFS principal must be of type des-cbc-crc. But the current version of kerberos on debian appears to silently refuse to write such keys. For example:
After using:
the resulting keys are still aes128-cts-hmac-sha1-96.
Also, after editing /etc/krb5kdc/kdc.conf to addand completely removing other enctypes, the krb5-admin-server service refuses to start:
After using:
Code:
sudo kadmin.local addprinc -e des-cbc-crc -randkey afsAlso, after editing /etc/krb5kdc/kdc.conf to add
Code:
supported_enctypes = des-cbc-crc:normal des-cbc-crc:v4# supported_enctypes = aes256-cts:normal aes128-cts:normalCode:
May 31 18:57:32 asus systemd[1]: Started krb5-admin-server.service - Kerberos 5 Admin Server.May 31 18:57:32 asus kadmind[19399]: kadmind: Required parameters in kdc.conf missing while initializing, abortingMay 31 18:57:32 asus kadmind[19399]: Required parameters in kdc.conf missing while initializing, abortingMay 31 18:57:32 asus systemd[1]: krb5-admin-server.service: Main process exited, code=exited, status=1/FAILUREMay 31 18:57:32 asus systemd[1]: krb5-admin-server.service: Failed with result 'exit-code'.Statistics: Posted by ealfonsoy — 2024-05-31 23:25 — Replies 4 — Views 126